@Nuttycomputer — your diagnosis sounds correct (you say "clear as mud" but in actuality it's clear as crystal :-) ). I'm still learning about IPv6 myself, I have more than enough experience with IPv4 (spent too much time at my old job looking at Wireshark packet captures to diagnose broken TCP stacks or NAT translators on enterprise customer equipment), but IPv6 is still new to me.
The ifconfig output looks to me like the IPv6 address being assigned from Comcast is getting assigned to the br0 interface, rather than the vlan2 interface. Of course I could have this all wrong — the way these consumer routers do their "interface stuff" is a complete nightmare — I'm more used to FreeBSD's methodology.
There may be a specific parameter or option that's needed in the DHCPv6 packet (e.g. on the client end, which is TomatoUSB) to make it work with Comcast. For example, with DHCP IPv4 I remember some ISPs long ago requiring a domain suffix parameter be included in the client, else the request would be ignored. I have no proof that's the case here, but I'm saying that it's got to be something along those lines.
About all I can do right now is try this — and I haven't done it yet: on TomatoUSB, kill dhcp6c, fire up tcpdump to capture any non-IPv4 protocol (because "ip6" doesn't necessarily work in the tcpdump binary via ipkg; someone REALLY needs to rebuild that!), then restart dhcp6c with identical parameters as it was started during reboot, then analyse the packet capture to see what's going out across the wire and what's coming back, using Wireshark. That's about the best I can do. Every time I've talked to Comcast engineers all they tell me is "we need you to hook your cable modem up to your PC running Windows 7 and see if IPv6 works, that's the proper test, because we know many routers are broken". Yeah well, things will remain broken until an actual engineer (like myself) figures out WHY they're broken. Sheesh!
I can assure you of one thing though — with tcpdump on TomatoUSB, I can absolutely determine that I *am* seeing IPv6 RAs from Comcast, so they are in fact trying to send some degree of IPv6 traffic across the wire.